Hello all. This is my first post, so go easy on me. Recently our mail server was compromised and was sending out thousands of emails. I hardened the security settings per cPanel documentation. As an IT Security analyst, I found it very difficult to monitor activity without checking logs or going into the WHM. I think it would be extremely useful for an early detection system to notify systems admins of irregular activity.

My proposal is a cron job that runs through the mail queue manager and sends email reports when there is a large number of emails ready to go out that have not been delivered yet due to security restrictions.

The cron job should also go through the mail delivery reports and show deferrals and failures so we can notify our users accordingly.

Would love to know how this is possible as I believe it would be a great tool for all admins to combat spam and any compromised servers. Looking forward to your assistance / thoughts. Thank you!
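
A sketch of the check proposed above, added as an example and not part of the original post or any cPanel tool. It assumes the server's MTA is Exim (the MTA cPanel ships), that the queue count comes from `exim -bpc`, and that the main log uses Exim's standard delivery flags; the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter

# Exim main-log delivery line: date, time, message id, flag, address, rest.
# Flags: "<=" arrival, "=>"/"->" delivery, "==" deferral, "**" failure.
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (<=|=>|->|==|\*\*) (\S+)(.*)$")

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
2024-05-01 10:00:01 1sAAAA-000001-AA <= alice@example.com U=alice P=local S=812
2024-05-01 10:00:02 1sAAAA-000001-AA => bob@example.net R=lookuphost T=remote_smtp
2024-05-01 10:00:03 1sBBBB-000002-BB <= alice@example.com U=alice P=local S=799
2024-05-01 10:00:04 1sBBBB-000002-BB == carol@example.org R=lookuphost T=remote_smtp defer (-44): rate limited
2024-05-01 10:00:05 1sCCCC-000003-CC <= alice@example.com U=alice P=local S=805
2024-05-01 10:00:06 1sCCCC-000003-CC ** dave@example.org R=lookuphost T=remote_smtp: 550 mailbox unavailable
2024-05-01 10:00:07 1sDDDD-000004-DD <= erin@example.com U=erin P=local S=640
"""

def summarize(log_text):
    """Count arrivals per sender and collect deferrals and failures."""
    senders, deferred, failed = Counter(), [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not message events
        _, msg_id, flag, addr, rest = m.groups()
        if flag == "<=":
            senders[addr] += 1
        elif flag == "==":
            deferred.append((msg_id, addr, rest.strip()))
        elif flag == "**":
            failed.append((msg_id, addr, rest.strip()))
    return senders, deferred, failed

def build_report(queue_count, log_text, queue_limit=100, sender_limit=2):
    """Return alerts plus the deferral/failure lists for the admin email."""
    senders, deferred, failed = summarize(log_text)
    alerts = []
    if queue_count > queue_limit:
        alerts.append(f"queue size {queue_count} exceeds {queue_limit}")
    for sender, n in senders.items():
        if n > sender_limit:  # one account submitting unusually many messages
            alerts.append(f"{sender} submitted {n} messages")
    return {"alerts": alerts, "deferred": deferred, "failed": failed}

if __name__ == "__main__":
    # Assumption: on the server, queue_count would come from `exim -bpc`.
    print(build_report(250, SAMPLE_LOG))
```

Run from cron, the report would be mailed only when `alerts` is non-empty, with the deferral and failure lists attached so affected users can be notified.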